XP Security Tool is another security program that security experts have tagged as rogue, because it was detected performing various malicious activities once installed on a computer. It was also noticed that XP Security Tool is propagated by a Trojan that was created primarily for this purpose. Some websites were also created to host a malicious script that downloads and installs XP Security Tool on visitors' computers. Once installed, it alters the system registry to ensure that it will load when Windows is run. It then displays a virus scan and reports dozens of threats to trick computer users into believing that purchasing XP Security Tool is necessary to remove the threats and protect the computer from other infections.
Be aware that XP Security Tool is a fake program. During diagnostics, security experts found that it is not capable of removing viruses and cannot provide any protection.
What are the Symptoms of XP Security Tool Infection?
A virus scan will run after installation, and an “Infections Found” message will be issued to scare computer users and convince them to purchase the XP Security Tool registration key.
It will modify the Windows Registry and add the following entries:
- HKEY_CURRENT_USER\Software\Classes\.exe
- HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
- HKEY_CURRENT_USER\Software\Classes\.exe\shell
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\start
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command
- HKEY_CURRENT_USER\Software\Classes\secfile
- HKEY_CURRENT_USER\Software\Classes\secfile\DefaultIcon
- HKEY_CURRENT_USER\Software\Classes\secfile\shell
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\runas\command
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\start
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\start\command
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
- HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
- HKEY_CURRENT_USER\Software\Classes\.exe | @ = "secfile"
- HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | @ = ""%AppData%\ave.exe" /START "%1" %*"
- HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command | IsolatedCommand = ""%1" %*"
The threat will drop the following malicious files:
- %AppData%\ave.exe
How to Remove XP Security Tool Manually
1. Restart your computer in Safe Mode
– After powering on the computer, just before Windows starts, press F8
– From the selections, select Safe Mode
2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
– Click Start > Run
– Type regedit in the field
– Navigate to the registry entries mentioned above and delete them if necessary
3. Delete the malicious files that the threat added:
– Based on the location given above, browse to the file and delete it
– If no location is given, click Start > Search and search for the files.
– If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.
4. Scan the computer with an antivirus program
– Update the antivirus program
– Scan the computer and delete all detected threats.
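Steps 2 and 3 can also be scripted. The PowerShell below is an added example, not part of the original guide: it reports whether the two per-user registry trees and the dropped file listed above are present, and with -Remove it backs up each tree with reg.exe export before deleting it. The -Remove switch and the backup folder are assumptions of this example.

```powershell
# Added example, not from the original page. Run as the affected user (HKCU is per-user).
param(
    [switch]$Remove,                                     # without it, report only
    [string]$BackupDir = "$env:USERPROFILE\reg-backup"   # assumed backup location
)

# Registry trees and dropped file exactly as listed on the page.
$keys    = 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\secfile'
$dropped = Join-Path $env:APPDATA 'ave.exe'

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "absent : $key"
        continue
    }
    # Read the default (@) value of shell\open\command, if that subkey exists.
    $cmdKey  = "$key\shell\open\command"
    $command = if (Test-Path -LiteralPath $cmdKey) {
        (Get-Item -LiteralPath $cmdKey).GetValue('')
    }
    Write-Output "PRESENT: $key  open command = $command"

    if ($Remove) {
        # Step 2: back up before deleting. reg.exe expects HKCU\..., not HKCU:\...
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $native = $key -replace '^HKCU:', 'HKCU'
        $file   = Join-Path $BackupDir (($key -replace '[^\w]', '_') + '.reg')
        reg.exe export $native $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $native failed; nothing deleted." }
        Remove-Item -LiteralPath $key -Recurse -Force
        Write-Output "removed: $key (backup: $file)"
    }
}

if (Test-Path -LiteralPath $dropped) {
    Write-Output "PRESENT: $dropped"
    if ($Remove) {
        # Step 3: end the process if it runs from the dropped path, then delete the file.
        Get-Process -Name 'ave' -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $dropped } | Stop-Process -Force
        Remove-Item -LiteralPath $dropped -Force
        Write-Output "removed: $dropped"
    }
} else {
    Write-Output "absent : $dropped"
}
```

Run it without -Remove first to review what is present. Deleting the HKCU override lets the machine-wide .exe association apply again.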
How to Easily Remove XP Security Tool
1. Download and run Removal Tool to remove XP Security Tool


